Our Information Security team has experienced an increase of potential Scam and Phishing emails that are being forwarded or sent throughout the RPI Community, rather than being reported through the Outlook/Microsoft Exchange Online Protection system.
As a reminder, if an email does not appear legitimate, or if something doesn't appear right, report the email! Forwarding confirmed Phishing emails can inadvertently send active malware or malicious URLs to colleagues!
Four trending Phishing Attacks
- Phishing Credential - Attacker tricks victim into giving away their online credentials to unauthorized parties
- Scam - Advanced fee fraud and similar scams
- Social Engineering - Impersonation of Employee attempting to establish rapport with victim recipient and convince victim to engage in actions such as:
- Changing Direct Deposit information
- Paying fake invoice
- Buying gift cards
- Malware - Attacker attempts to deliver malicious payload
How to Report Potential Spam or Phishing Email
- With a message opened, click Report (
), located in the Home tab of Outlook
- PhishStick will complete a triage to autonomously inspect and evaluate Client reported emails, and will then send an email response categorizing the analyzed email as:
- Phishing/Malicious
- Spam
- Safe
- Phishing Simulation
For more information regarding PhishStick and Reporting Suspicious Messages to Microsoft, please see below ITSSC articles:
https://itssc.rpi.edu/hc/en-us/articles/42860263500045-Information-Security-AI-Security-Analyst
https://itssc.rpi.edu/hc/en-us/articles/15784053174797-Report-Suspicious-Message-to-Microsoft-from-Outlook-using-Report-Message
Matthew Lewis
Information Security Analyst
Book Office Hours with Information Security
